To gain proper coverage, organizations have to evaluate their needs, and demonstrate appropriate levels of security monitoring to obtain a policy. For many companies, that means investing in security information and event management (SIEM). Is it the only answer to obtaining insurance policies or reducing costs? Definitely not. That said, organizations leveraging SIEM successfully can validate proper visibility across the environment and better detect and respond to a variety of threats — and this can help prove effective risk management for cyber insurance coverage and costs.
Before diving deeper into how SIEM can help with cyber insurance, let’s discuss the current state of the cyber insurance industry and why organizations invest in coverage.
The Current State of the Cybersecurity Insurance Industry
According to the Marsh “State of Cyber Resilience” survey, 63% of executives see insurance as a key piece of cyber risk management. Additionally, Marsh is seeing increasing growth year over year in the purchasing of cyber insurance.
Why Organizations Invest in Cyber Insurance
One of the major drivers of cyber insurance and likely the growth of the market is the continued prevalence of ransomware. The 2022 Verizon DBIR shows an upward trend of ransomware attacks, increasing about 13% last year, which is nearly as much as the prior five years combined! In an ironic discovery, Microsoft’s Digital Defense Report 2022 found that 60% of those organizations that had experienced a ransomware event had not invested in security information and event management technology.
Not only is the frequency of these attacks increasing, but the value of the ransoms themselves is staggering. IBM’s “Cost of Data Breach” 2022 report found the average cost of a ransomware attack in its research data to be 4.54 million USD, not including the cost of the ransom itself.
How SIEM Can Help with Cyber Insurance
SIEM is a security tool that helps small security teams and large enterprises detect a variety of cyberthreats and reduce the risk of successful ransomware attacks. By collecting, aggregating, and analyzing volumes of data in a centralized location, security professionals can accurately pinpoint threats and respond to cyberattacks in real time. SIEM technology helps with log management, event correlation, incident monitoring and response, and reporting and auditing for compliance requirements.
These kinds of security capabilities validate to insurance agencies that effective risk management processes and technology are in place, and may therefore help organizations obtain insurance or lower their premiums and coverage costs.
Testimonials of Cyber Insurance Success — Thanks to SIEM
It’s very important to note that not all organizations are the same and everyone’s coverage looks different based on the business, technology stack, and the insurers’ policies. You may not need a SIEM solution to obtain coverage or lower costs, but again, it can help!
We’ve seen success in the insurance realm for several of our SIEM clients. According to the Total Economic Impact™ of the LogRhythm SIEM, Forrester Consulting found LogRhythm customers “improved access to and lowered the cost of cybersecurity insurance” by using SIEM. In this report, you can find statements from two security professionals who have personal experience with this:
“The IS security director of a healthcare organization said, ‘I would expect that if we didn’t have that SIEM box checked, our cyberinsurance costs would be higher.’ The VP of information security for a healthcare organization said, ‘We have several client requirements to have a SIEM, so if we didn’t have one, we probably would not have been able to get insured.’”
What to Expect When Obtaining Cyber Insurance Coverage
Given the increasing difficulty and cost of getting cyber insurance, it’s important that people start to look at how security monitoring and other key factors will impact their ability to obtain cyber insurance. A common starting point when shopping for cyber insurance policies is responding to questionnaires that give insurers an idea of what coverage you are seeking and what risk profile your organization fits into, based on its security capabilities.
7 Common Questions Cyber Insurers Ask
1. Describe your organization.
To kick things off, cyber insurance companies will ask you basic questions, such as:
- What products and services does your organization offer?
- How many employees do you have?
- What is your annual revenue?
- Do you foresee any potential mergers or acquisitions in the future?
These groundwork questions are all about building your profile as a company and starting the framework of your overall risk profile.
2. Does your organization use multi-factor authentication (MFA)?
This is a common question when mitigating cyberattacks, as one of the most common vectors is the use of stolen credentials. Multi-factor authentication adds an extra layer of protection against hackers trying to gain access to your systems, and this step can greatly reduce the risk of successful attempts to use those stolen credentials.
3. Does your organization use e-mail filtering, cybersecurity awareness training, or phishing assessments?
Like MFA above, insurers want to know what activities an organization takes regarding the risk of stolen credentials. One of the most common causes of stolen credentials is business e-mail compromise (BEC).
Filtering will prevent some phishing e-mails from reaching your users. When that does not work, organizations must rely on training their users to be aware of these risks so that they do not disclose their credentials. Phishing assessments can give your users further exposure to phishing beyond theoretical training and help your organization assess its susceptibility to phishing.
4. Does your organization have a vulnerability management program?
Having a vulnerability management program shows insurers that your organization has defined measures in place to evaluate and mitigate potential vulnerabilities in your environment that could allow bad actors to compromise your systems.
Insurers will often look for details here regarding the cadence of assessment, timeliness of remediation, and environments covered.
5. Does your organization have an EDR, NDR, SIEM, or other monitoring tool?
Insurers want to know that you can quickly detect and respond to cyberattacks. Timely detection is critical in preventing loss and mitigating exposure. Tools such as endpoint detection and response (EDR), network detection and response (NDR), and SIEM can help you show insurers that you have capabilities to monitor and properly defend your organization against a variety of threats and advanced attacks such as ransomware.
6. Does your organization have an incident response plan, and does it include playbooks for various attack scenarios?
Not only do insurers want to know that you can monitor and detect cyberattacks, but they also want to know how you are set up to respond to and triage those events to prevent or minimize losses.
7. Does your organization have backup and disaster recovery programs?
Depending on the coverage being sought, an organization may want to recoup ransom losses or make up for any business disruptions that may have occurred during and after an attack.
Information about an organization’s backup policy, frequency, test schedule, and location can help insurers determine how well the organization may be able to recover from an event like ransomware. Likewise, a robust disaster recovery program that is well-tested can help insurers determine a company’s ability to recover and get back to business.
How LogRhythm SIEM Can Help with Cyber Insurance
Just as in cybersecurity, there is no silver bullet to obtaining a policy or obtaining one at an affordable price. Every organization’s cybersecurity insurance looks different based on the business, risk profile, and their insurers’ policies. The key in this process is demonstrating through a combination of tools and processes that an organization can effectively identify potential threats and showcase proactive intervention and mitigation.
At LogRhythm, we specialize in helping our customers to better detect, investigate, and respond to cyberthreats. If you are interested in learning more about how LogRhythm SIEM can help you demonstrate these security operations capabilities, schedule a one-on-one consultation with an expert.
from LogRhythm https://bit.ly/43pKtOp